Browse Source

Refactor -engine documentation

Common wording courtesy Richard Levitte.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10128)
master
Rich Salz 3 years ago
committed by Tomas Mraz
parent
commit
018aaeb478
30 changed files with 160 additions and 198 deletions
  1. +13
    -0
      .gitignore
  2. +3
    -8
      doc/man1/openssl-ca.pod.in
  3. +5
    -8
      doc/man1/openssl-dgst.pod.in
  4. +2
    -7
      doc/man1/openssl-dhparam.pod.in
  5. +7
    -7
      doc/man1/openssl-dsa.pod.in
  6. +3
    -7
      doc/man1/openssl-dsaparam.pod.in
  7. +7
    -7
      doc/man1/openssl-ec.pod.in
  8. +2
    -7
      doc/man1/openssl-ecparam.pod.in
  9. +5
    -3
      doc/man1/openssl-enc.pod.in
  10. +5
    -10
      doc/man1/openssl-gendsa.pod.in
  11. +8
    -9
      doc/man1/openssl-genpkey.pod.in
  12. +3
    -8
      doc/man1/openssl-genrsa.pod.in
  13. +3
    -0
      doc/man1/openssl-pkcs12.pod.in
  14. +7
    -7
      doc/man1/openssl-pkcs7.pod.in
  15. +3
    -8
      doc/man1/openssl-pkcs8.pod.in
  16. +8
    -8
      doc/man1/openssl-pkey.pod.in
  17. +8
    -8
      doc/man1/openssl-pkeyparam.pod.in
  18. +2
    -7
      doc/man1/openssl-pkeyutl.pod.in
  19. +3
    -8
      doc/man1/openssl-req.pod.in
  20. +7
    -7
      doc/man1/openssl-rsa.pod.in
  21. +3
    -8
      doc/man1/openssl-s_client.pod.in
  22. +3
    -8
      doc/man1/openssl-s_server.pod.in
  23. +3
    -8
      doc/man1/openssl-speed.pod.in
  24. +7
    -7
      doc/man1/openssl-spkac.pod.in
  25. +8
    -8
      doc/man1/openssl-storeutl.pod.in
  26. +2
    -7
      doc/man1/openssl-ts.pod.in
  27. +6
    -10
      doc/man1/openssl-verify.pod.in
  28. +3
    -8
      doc/man1/openssl-x509.pod.in
  29. +13
    -0
      doc/man1/openssl.pod
  30. +8
    -0
      doc/perlvars.pm

+ 13
- 0
.gitignore View File

@ -31,28 +31,41 @@ doc/man1/openssl-cms.pod
doc/man1/openssl-crl.pod
doc/man1/openssl-dgst.pod
doc/man1/openssl-dhparam.pod
doc/man1/openssl-dsa.pod
doc/man1/openssl-dsaparam.pod
doc/man1/openssl-ec.pod
doc/man1/openssl-ecparam.pod
doc/man1/openssl-enc.pod
doc/man1/openssl-engine.pod
doc/man1/openssl-gendsa.pod
doc/man1/openssl-genpkey.pod
doc/man1/openssl-genrsa.pod
doc/man1/openssl-info.pod
doc/man1/openssl-list.pod
doc/man1/openssl-ocsp.pod
doc/man1/openssl-passwd.pod
doc/man1/openssl-pkcs12.pod
doc/man1/openssl-pkcs7.pod
doc/man1/openssl-pkcs8.pod
doc/man1/openssl-pkey.pod
doc/man1/openssl-pkeyparam.pod
doc/man1/openssl-pkeyutl.pod
doc/man1/openssl-rand.pod
doc/man1/openssl-req.pod
doc/man1/openssl-rsa.pod
doc/man1/openssl-rsautl.pod
doc/man1/openssl-s_client.pod
doc/man1/openssl-s_server.pod
doc/man1/openssl-s_time.pod
doc/man1/openssl-smime.pod
doc/man1/openssl-speed.pod
doc/man1/openssl-spkac.pod
doc/man1/openssl-srp.pod
doc/man1/openssl-storeutl.pod
doc/man1/openssl-ts.pod
doc/man1/openssl-verify.pod
doc/man1/openssl-x509.pod
doc/man1/openssl.pod
# error code files
/crypto/err/openssl.txt.old


+ 3
- 8
doc/man1/openssl-ca.pod.in View File

@ -48,7 +48,6 @@ B<openssl> B<ca>
[B<-msie_hack>]
[B<-extensions> I<section>]
[B<-extfile> I<section>]
[B<-engine> I<id>]
[B<-subj> I<arg>]
[B<-utf8>]
[B<-sigopt> I<nm>:I<v>]
@ -58,6 +57,7 @@ B<openssl> B<ca>
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<certreq>...]
=for openssl ifdef engine sm2-id sm2-hex-id
@ -253,13 +253,6 @@ An additional configuration file to read certificate extensions from
(using the default section unless the B<-extensions> option is also
used).
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause B<ca>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-subj> I<arg>
Supersedes subject name given in the request.
@ -310,6 +303,8 @@ certificate. The argument for this option is string of hexadecimal digits.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CRL OPTIONS


+ 5
- 8
doc/man1/openssl-dgst.pod.in View File

@ -27,7 +27,7 @@ B<openssl> B<dgst>|I<digest>
[B<-hmac> I<key>]
[B<-fips-fingerprint>]
[B<-engine> I<id>]
[B<-engine_impl>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<file> ...]
@ -168,13 +168,6 @@ option.
Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
=item B<-engine> I<id>
Use engine I<id> for operations (including private key storage).
This engine is not used as source for digest algorithms, unless it is
also specified in the configuration file or B<-engine_impl> is also
specified.
=item B<-engine_impl>
When used with the B<-engine> option, it specifies to also use
@ -182,6 +175,10 @@ engine I<id> for digest operations.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
The engine is not used for digests unless the B<-engine_impl> option is
used or it is configured to do so, see L<config(5)/Engine Configuration Module>.
=item I<file> ...
File or files to digest. If no files are specified then standard input is


+ 2
- 7
doc/man1/openssl-dhparam.pod.in View File

@ -21,7 +21,7 @@ B<openssl dhparam>
[B<-2>]
[B<-3>]
[B<-5>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<numbits>]
@ -102,12 +102,7 @@ This option prints out the DH parameters in human readable form.
This option converts the parameters into C code. The parameters can then
be loaded by calling the get_dhNNNN() function.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause B<dhparam>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_r_item -}


doc/man1/openssl-dsa.pod → doc/man1/openssl-dsa.pod.in View File


+ 3
- 7
doc/man1/openssl-dsaparam.pod.in View File

@ -17,9 +17,9 @@ B<openssl dsaparam>
[B<-text>]
[B<-C>]
[B<-genkey>]
[B<-engine> I<id>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<numbits>]
=head1 DESCRIPTION
@ -75,12 +75,6 @@ be loaded by calling the get_dsaXXX() function.
This option will generate a DSA either using the specified or generated
parameters.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-verbose>
@ -88,6 +82,8 @@ Print extra details about the operations being performed.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item I<numbits>
This option specifies that a parameter set should be generated of size


doc/man1/openssl-ec.pod → doc/man1/openssl-ec.pod.in View File


+ 2
- 7
doc/man1/openssl-ecparam.pod.in View File

@ -24,7 +24,7 @@ B<openssl ecparam>
[B<-param_enc> I<arg>]
[B<-no_seed>]
[B<-genkey>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
=for openssl ifdef engine
@ -122,12 +122,7 @@ is included in the ECParameters structure (see RFC 3279).
This option will generate an EC private key using the specified parameters.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause B<ecparam>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_r_item -}


+ 5
- 3
doc/man1/openssl-enc.pod.in View File

@ -37,7 +37,7 @@ B<openssl> B<enc>|I<cipher>
[B<-nopad>]
[B<-debug>]
[B<-none>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
=for openssl ifdef z engine
@ -192,6 +192,8 @@ Use NULL cipher (no encryption or decryption of input).
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 NOTES
@ -204,8 +206,8 @@ Use the L<openssl-list(1)> command to get a list of supported ciphers.
Engines which provide entirely new encryption algorithms (such as the ccgost
engine which provides gost89 algorithm) should be configured in the
configuration file. Engines specified on the command line using -engine
options can only be used for hardware-assisted implementations of
configuration file. Engines specified on the command line using B<-engine>
option can only be used for hardware-assisted implementations of
ciphers which are supported by the OpenSSL core or another engine specified
in the configuration file.


+ 5
- 10
doc/man1/openssl-gendsa.pod.in View File

@ -22,9 +22,9 @@ B<openssl> B<gendsa>
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-engine> I<id>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<paramfile>]
=for openssl ifdef engine
@ -53,25 +53,20 @@ These options encrypt the private key with specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-verbose>
Print extra details about the operations being performed.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item I<paramfile>
The DSA parameter file to use. The parameters in this file determine
the size of the private key. DSA parameters can be generated and
examined using the L<openssl-dsaparam(1)> command.
{- $OpenSSL::safe::opt_r_item -}
=back
=head1 NOTES


doc/man1/openssl-genpkey.pod → doc/man1/openssl-genpkey.pod.in View File


+ 3
- 8
doc/man1/openssl-genrsa.pod.in View File

@ -24,10 +24,10 @@ B<openssl> B<genrsa>
[B<-des3>]
[B<-idea>]
[B<-f4>|B<-3>]
[B<-engine> I<id>]
[B<-primes> I<num>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[B<numbits>]
=for openssl ifdef engine
@ -65,13 +65,6 @@ for if it is not supplied via the B<-passout> argument.
The public exponent to use, either 65537 or 3. The default is 65537.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-primes> I<num>
Specify the number of primes to use while generating the RSA key. The I<num>
@ -85,6 +78,8 @@ Print extra details about the operations being performed.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item B<numbits>
The size of the private key to generate in bits. This must be the last option


+ 3
- 0
doc/man1/openssl-pkcs12.pod.in View File

@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
[B<-CSP> I<name>]
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -271,6 +272,8 @@ Write I<name> as a Microsoft CSP name.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 NOTES


doc/man1/openssl-pkcs7.pod → doc/man1/openssl-pkcs7.pod.in View File


+ 3
- 8
doc/man1/openssl-pkcs8.pod.in View File

@ -23,12 +23,12 @@ B<openssl> B<pkcs8>
[B<-v2> I<alg>]
[B<-v2prf> I<alg>]
[B<-v1> I<alg>]
[B<-engine> I<id>]
[B<-scrypt>]
[B<-scrypt_N> I<N>]
[B<-scrypt_r> I<r>]
[B<-scrypt_p> I<p>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine scrypt scrypt_N scrypt_r scrypt_p
@ -135,13 +135,6 @@ This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
older implementations may not support PKCS#5 v2.0 and may require this option.
If not specified PKCS#5 v2.0 form is used.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-scrypt>
Uses the B<scrypt> algorithm for private key encryption using default
@ -155,6 +148,8 @@ Sets the scrypt I<N>, I<r> or I<p> parameters.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 NOTES


doc/man1/openssl-pkey.pod → doc/man1/openssl-pkey.pod.in View File


doc/man1/openssl-pkeyparam.pod → doc/man1/openssl-pkeyparam.pod.in View File


+ 2
- 7
doc/man1/openssl-pkeyutl.pod.in View File

@ -34,7 +34,7 @@ B<openssl> B<pkeyutl>
[B<-pkeyopt_passin> I<opt>[:I<passarg>]]
[B<-hexdump>]
[B<-asn1parse>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
[B<-engine_impl>]
{- $OpenSSL::safe::opt_r_synopsis -}
@ -179,12 +179,7 @@ hex dump the output data.
Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=item B<-engine_impl>


+ 3
- 8
doc/man1/openssl-req.pod.in View File

@ -45,11 +45,11 @@ B<openssl> B<req>
[B<-sigopt> I<nm>:I<v>]
[B<-batch>]
[B<-verbose>]
[B<-engine> I<id>]
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine keygen_engine sm2-id sm2-hex-id
@ -301,13 +301,6 @@ Non-interactive mode.
Print extra details about the operations being performed.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-keygen_engine> I<id>
Specifies an engine (by its unique I<id> string) which would be used
@ -327,6 +320,8 @@ argument for this option is string of hexadecimal digits.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CONFIGURATION FILE FORMAT


doc/man1/openssl-rsa.pod → doc/man1/openssl-rsa.pod.in View File


+ 3
- 8
doc/man1/openssl-s_client.pod.in View File

@ -112,7 +112,6 @@ B<openssl> B<s_client>
[B<-starttls> I<protocol>]
[B<-xmpphost> I<hostname>]
[B<-name> I<hostname>]
[B<-engine> I<id>]
[B<-tlsextdebug>]
[B<-no_ticket>]
[B<-sess_out> I<filename>]
@ -131,6 +130,7 @@ B<openssl> B<s_client>
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<host>:I<port>]
=for openssl ifdef engine ssl_client_engine ct noct ctlogfile
@ -628,13 +628,6 @@ Output SSL session to I<filename>.
Load SSL session from I<filename>. The client will attempt to resume a
connection from this session.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-serverinfo> I<types>
A list of comma-separated TLS Extension Types (numbers between 0 and
@ -707,6 +700,8 @@ I<localhost> on port I<4433>.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CONNECTED COMMANDS


+ 3
- 8
doc/man1/openssl-s_server.pod.in View File

@ -166,7 +166,6 @@ B<openssl> B<s_server>
[B<-nextprotoneg> I<val>]
[B<-use_srtp> I<val>]
[B<-alpn> I<val>]
[B<-engine> I<val>]
[B<-keylogfile> I<outfile>]
[B<-max_early_data> I<int>]
[B<-early_data>]
@ -177,6 +176,7 @@ B<openssl> B<s_server>
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef unix 4 6 unlink no_dhe nextprotoneg use_srtp engine
@ -676,13 +676,6 @@ Protocol names are printable ASCII strings, for example "http/1.1" or
"spdy/3".
The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
=item B<-engine> I<val>
Specifying an engine (by its unique id string in I<val>) will cause
this command to attempt to obtain a functional reference to the
specified engine, thus initialising it if needed. The engine will then be
set as the default for all available algorithms.
=item B<-keylogfile> I<outfile>
Appends TLS secrets to the specified keylog file such that external programs
@ -722,6 +715,8 @@ by the client in binary mode.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CONNECTED COMMANDS


+ 3
- 8
doc/man1/openssl-speed.pod.in View File

@ -9,7 +9,6 @@ openssl-speed - test library performance
B<openssl speed>
[B<-help>]
[B<-engine> I<id>]
[B<-elapsed>]
[B<-evp> I<algo>]
[B<-hmac> I<algo>]
@ -19,6 +18,7 @@ B<openssl speed>
[B<-seconds> I<num>]
[B<-bytes> I<num>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<algorithm> ...]
=for openssl ifdef cmac multi async_jobs engine
@ -38,13 +38,6 @@ the B<rand> algorithm name.
Print out a usage message.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-elapsed>
When calculating operations- or bytes-per-second, use wall-clock time
@ -86,6 +79,8 @@ Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item I<algorithm> ...
If any I<algorithm> is given, then those algorithms are tested, otherwise a


doc/man1/openssl-spkac.pod → doc/man1/openssl-spkac.pod.in View File


doc/man1/openssl-storeutl.pod → doc/man1/openssl-storeutl.pod.in View File


+ 2
- 7
doc/man1/openssl-ts.pod.in View File

@ -37,7 +37,7 @@ B<-reply>
[B<-out> I<response.tsr>]
[B<-token_out>]
[B<-text>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
B<openssl> B<ts>
B<-verify>
@ -303,12 +303,7 @@ response (TimeStampResp). (Optional)
If this option is specified the output is human-readable text format
instead of DER. (Optional)
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. Default is built-in. (Optional)
{- $OpenSSL::safe::opt_engine_item -}
=back


+ 6
- 10
doc/man1/openssl-verify.pod.in View File

@ -16,7 +16,6 @@ B<openssl> B<verify>
[B<-crl_download>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-engine> I<id>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
@ -49,6 +48,7 @@ B<openssl> B<verify>
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[B<-->]
[I<certificate> ...]
@ -101,15 +101,6 @@ If a valid CRL cannot be found an error occurs.
Checks the validity of B<all> certificates in the chain by attempting
to look up valid CRLs.
=item B<-engine> I<id>
Specifying an engine I<id> will cause this command to attempt to load the
specified engine.
The engine will then be set as the default for all its supported algorithms.
If you want to load certificates or CRLs that require engine support via any of
the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option
must be specified before those options.
=item B<-explicit_policy>
Set policy variable require-explicit-policy (see RFC5280).
@ -303,6 +294,11 @@ certificate. The argument for this option is string of hexadecimal digits.
{- $OpenSSL::safe::opt_trust_item -}
{- $OpenSSL::safe::opt_engine_item -}
To load certificates or CRLs that require engine support, specify the
B<-engine> option before any of the
B<-trusted>, B<-untrusted> or B<-CRLfile> options.
=item B<-->
Indicates the last option. All arguments following this are assumed to be


+ 3
- 8
doc/man1/openssl-x509.pod.in View File

@ -63,10 +63,10 @@ B<openssl> B<x509>
[B<-extfile> I<filename>]
[B<-extensions> I<section>]
[B<-sigopt> I<nm>:I<v>]
[B<-engine> I<id>]
[B<-preserve_dates>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine subject_hash_old issuer_hash_old
@ -117,13 +117,6 @@ Any digest supported by the L<openssl-dgst(1)> command can be used.
If not specified then SHA1 is used with B<-fingerprint> or
the default digest for the signing algorithm is used, typically SHA256.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-preserve_dates>
When signing a certificate, preserve the "notBefore" and "notAfter" dates
@ -132,6 +125,8 @@ Cannot be used with the B<-days> option.
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head2 Display Options


+ 13
- 0
doc/man1/openssl.pod View File

@ -933,6 +933,19 @@ name.
=back
=head2 Engine Options
=over 4
=item B<-engine> I<id>
Use the engine identified by I<id> and use all the methods it
implements (algorithms, key storage, etc.), unless specified otherwise in
the command-specific documentation or it is configured to do so, as described
in L<config(5)/Engine Configuration Module>.
=back
=head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the


+ 8
- 0
doc/perlvars.pm View File

@ -85,6 +85,14 @@ $OpenSSL::safe::opt_r_item = ""
. "\n"
. "See L<openssl(1)/Random State Options> for details.";
# Engine option
$OpenSSL::safe::opt_engine_synopsis = ""
. "[B<-engine> I<id>]";
$OpenSSL::safe::opt_engine_item = ""
. "=item B<-engine> I<id>\n"
. "\n"
. "See L<openssl(1)/Engine Options>.";
# Trusted certs options
$OpenSSL::safe::opt_trust_synopsis = ""
. "[B<-CAfile> I<file>]\n"


Loading…
Cancel
Save